Lucene search
+L

66 matches found

nvd
nvd
added 2026/05/14 3:16 p.m.28 views

CVE-2026-42457

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS0.00312EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/14 2:48 p.m.50 views

CVE-2026-42457 vCluster Platform: Stored XSS can lead to privilege escalation

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS0.00312EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/14 2:48 p.m.6 views

CVE-2026-42457

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS6AI score0.00312EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/05/14 12:0 a.m.16 views

PT-2026-40945

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS6AI score0.00312EPSS
Exploits0References2
susecve
susecve
added 2026/04/06 11:24 p.m.5 views

SUSE CVE-2026-34389

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS5.9AI score0.00184EPSS
Exploits0References3
osv
osv
added 2026/04/02 6:42 p.m.7 views

GO-2026-4913 Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin in github.com/fleetdm/fleet

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin in github.com/fleetdm/fleet...

8.8CVSS5.9AI score0.00318EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.4 views

PT-2026-29953

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin in github.com/fleetdm/fleet...

8.8CVSS6AI score0.00318EPSS
Exploits0References3
euvd
euvd
added 2026/03/30 7:29 p.m.4 views

EUVD-2026-16797

Fleet's user account creation via invite does not enforce invited email address...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References2
github
github
added 2026/03/30 7:29 p.m.10 views

Fleet's user account creation via invite does not enforce invited email address

Summary Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token could create an account under an arbitrary email address whi...

7.1CVSS6AI score0.00184EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/03/30 7:18 p.m.10 views

EUVD-2026-16756

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin...

8.7CVSS6AI score0.00318EPSS
Exploits0References2
osv
osv
added 2026/03/30 7:18 p.m.19 views

GHSA-9P23-P2M4-2R4M Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin

Summary A SQL Injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs v...

8.7CVSS6AI score0.00318EPSS
Exploits0References3
github
github
added 2026/03/30 7:18 p.m.8 views

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin

Summary A SQL Injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet database, and inject arbitrary content into team configs v...

8.8CVSS6AI score0.00318EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/03/28 11:10 p.m.4 views

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/28 11:9 p.m.5 views

CVE-2026-34389

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS6AI score0.00184EPSS
Exploits0References1
nvd
nvd
added 2026/03/27 8:16 p.m.9 views

CVE-2026-34389

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS0.00184EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/27 7:18 p.m.21 views

CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS0.00184EPSS
Exploits0References1
cve
cve
added 2026/03/27 7:18 p.m.18 views

CVE-2026-34389

CVE-2026-34389 affects Fleet open-source device management. Before 4.81.0, the user invitation flow did not validate the invitee’s email during invite acceptance against the email tied to the invite token. An attacker with a valid invite token could create an account under an arbitrary email whil...

7.1CVSS6AI score0.00184EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/03/27 7:18 p.m.3 views

CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS6AI score0.00184EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/27 6:30 p.m.28 views

CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS0.00318EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/03/27 6:30 p.m.3 views

CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References1
Rows per page
Query Builder